Ensure that detailed CloudWatch metrics are enabled for all APIs created with the Amazon API Gateway service, so that you can monitor API stage caching, latency and detected errors at a more granular level and set alarms accordingly.
This rule can help you with the following compliance standards:
- MAS
- NIST4
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
The main benefit of enabling AWS CloudWatch metrics for API stages is more granular metric data, which helps you act fast on the information these metrics deliver through alarms. For example, if you developed a critical API and need to be notified sooner when there is a sudden spike in 4xx or 5xx errors, you can set alarms that monitor and trigger on a per-minute basis (instead of a 5-minute period) using the data gathered by detailed CloudWatch metrics.
Audit
To determine if your API stages have AWS CloudWatch metrics enabled, perform the following:
Remediation / Resolution
To enable detailed CloudWatch metrics for your Amazon API Gateway API stages, perform the following actions:
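One way to script the audit and the matching fix, as an added example that is not Conformity's or AWS's own code: it reads a response shaped like `aws apigateway get-stages` output, flags stages whose method settings leave detailed metrics off, and builds the `update-stage` call for each. The sample response, the stage names, the `~1orders/POST` override key and the REST API ID placeholder are constructed assumptions.

```python
import json
import shlex

# Constructed sample shaped like `aws apigateway get-stages --rest-api-id <id>`
# output; stage names and settings are made up for this example.
SAMPLE_GET_STAGES = json.loads("""
{"item": [
  {"stageName": "prod",
   "methodSettings": {"*/*": {"metricsEnabled": true},
                      "~1orders/POST": {"metricsEnabled": false}}},
  {"stageName": "staging",
   "methodSettings": {"*/*": {"metricsEnabled": false}}},
  {"stageName": "dev", "methodSettings": {}},
  {"stageName": "canary",
   "methodSettings": {"*/*": {"metricsEnabled": true}}}
]}
""")

def audit_stages(get_stages_response):
    """Return {stage_name: [method-setting keys that need metrics enabled]}."""
    findings = {}
    for stage in get_stages_response.get("item", []):
        settings = stage.get("methodSettings") or {}
        # Flag the stage-wide default and any per-method override with metrics off.
        keys = [k for k, v in settings.items() if not v.get("metricsEnabled", False)]
        # "*/*" is the stage-wide setting; assumption: absent means metrics are off.
        if "*/*" not in settings:
            keys.insert(0, "*/*")
        if keys:
            findings[stage["stageName"]] = keys
    return findings

def remediation_command(rest_api_id, stage_name, keys):
    """Build the update-stage call that turns metrics on for each flagged key."""
    ops = [f"op=replace,path=/{k}/metrics/enabled,value=true" for k in keys]
    args = ["aws", "apigateway", "update-stage", "--rest-api-id", rest_api_id,
            "--stage-name", stage_name, "--patch-operations", *ops]
    # Quote each argument so the shell does not glob-expand the "*/*" path.
    return " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    for name, keys in audit_stages(SAMPLE_GET_STAGES).items():
        print(f"NON-COMPLIANT {name}: {keys}")
        print("  " + remediation_command("REST_API_ID_PLACEHOLDER", name, keys))
```

Against a real account, feed `audit_stages` the parsed JSON from `get-stages` for each API ID returned by `get-rest-apis`, and review the generated command before running it.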
References
- AWS Documentation
  - Amazon API Gateway FAQs
  - Trace API Management and Invocation
  - Monitor API execution with Amazon CloudWatch
- AWS Command Line Interface (CLI) Documentation
  - apigateway
  - get-rest-apis
  - get-stages
  - update-stage

You are auditing:
APIs Detailed CloudWatch Metrics
Risk level: Medium